Merge pull request #365 from navikt/rydde-vekk-abac-helt

Fjerne abac helt fra veilarbarena

pom.xml

@@ -217,11 +217,6 @@
             <artifactId>types</artifactId>
             <version>${common.version}</version>
         </dependency>
-        <dependency>
-            <groupId>com.github.navikt.common-java-modules</groupId>
-            <artifactId>abac</artifactId>
-            <version>${common.version}</version>
-        </dependency>
         <dependency>
             <groupId>com.github.navikt.common-java-modules</groupId>
             <artifactId>sts</artifactId>

src/main/java/no/nav/veilarbarena/config/ApplicationConfig.java

@@ -3,9 +3,6 @@
 import com.github.benmanes.caffeine.cache.Cache;
 import com.github.benmanes.caffeine.cache.Caffeine;
 import lombok.extern.slf4j.Slf4j;
-import no.nav.common.abac.Pep;
-import no.nav.common.abac.VeilarbPepFactory;
-import no.nav.common.abac.audit.SpringAuditRequestInfoSupplier;
 import no.nav.common.auth.context.AuthContextHolder;
 import no.nav.common.auth.context.AuthContextHolderThreadLocal;
 import no.nav.common.client.aktoroppslag.AktorOppslagClient;
@@ -110,14 +107,6 @@ public KafkaConfig.EnvironmentContext kafkaConfigEnvContext() {
                 .setProducerClientProperties(aivenByteProducerProperties(PRODUCER_CLIENT_ID));
     }
 
-    @Bean
-    public Pep veilarbPep(EnvironmentProperties properties, Credentials serviceUserCredentials) {
-        return VeilarbPepFactory.get(
-                properties.getAbacUrl(), serviceUserCredentials.username,
-                serviceUserCredentials.password, new SpringAuditRequestInfoSupplier()
-        );
-    }
-
     @Bean
     public static StsConfig stsConfig(EnvironmentProperties properties, Credentials serviceUserCredentials) {
         return StsConfig.builder()

src/main/java/no/nav/veilarbarena/config/EnvironmentProperties.java

@@ -31,8 +31,6 @@ public class EnvironmentProperties {
 
     private String naisStsDiscoveryUrl;
 
-    private String abacUrl;
-
     private String dbUrl;
 
     private String kafkaBrokersUrl;

src/main/java/no/nav/veilarbarena/service/AuthService.java

@@ -3,8 +3,6 @@
 import com.nimbusds.jwt.JWTClaimsSet;
 import lombok.SneakyThrows;
 import lombok.extern.slf4j.Slf4j;
-import no.nav.common.abac.Pep;
-import no.nav.common.abac.domain.request.ActionId;
 import no.nav.common.auth.context.AuthContextHolder;
 import no.nav.common.types.identer.Fnr;
 import no.nav.poao_tilgang.client.*;
@@ -28,14 +26,11 @@ public class AuthService {
 
     private final AuthContextHolder authContextHolder;
 
-    private final Pep veilarbPep;
-
     private final PoaoTilgangClient poaoTilgangClient;
 
     @Autowired
-    public AuthService(AuthContextHolder authContextHolder, Pep veilarbPep, PoaoTilgangClient poaoTilgangClient) {
+    public AuthService(AuthContextHolder authContextHolder, PoaoTilgangClient poaoTilgangClient) {
         this.authContextHolder = authContextHolder;
-        this.veilarbPep = veilarbPep;
         this.poaoTilgangClient = poaoTilgangClient;
     }
 
@@ -74,11 +69,7 @@ public void sjekkTilgang(Fnr fnr) {
             }
         } else {
             log.warn("Har systembruker rolle men mangler rolle access_as_application in claims. Dette skal ikke skje.");
-            String innloggetBrukerToken = authContextHolder.requireIdTokenString();
-            if (!veilarbPep.harTilgangTilPerson(innloggetBrukerToken, ActionId.READ, fnr)) {
-                log.warn("Systembruker tilgang avvist via abac");
-                throw new ResponseStatusException(HttpStatus.FORBIDDEN);
-            }
+            throw new ResponseStatusException(HttpStatus.FORBIDDEN);
         }
     }
 

src/main/resources/application.properties

@@ -20,7 +20,6 @@ spring.data.jdbc.repositories.enabled=false
 app.env.naisStsDiscoveryUrl=${SECURITY_TOKEN_SERVICE_DISCOVERY_URL}
 app.env.openAmDiscoveryUrl=${OPENAM_DISCOVERY_URL}
 app.env.veilarbloginOpenAmClientId=${VEILARBLOGIN_OPENAM_CLIENT_ID}
-app.env.abacUrl=${ABAC_PDP_ENDPOINT_URL}
 app.env.dbUrl=${VEILARBARENADATASOURCE_URL}
 app.env.kafkaBrokersUrl=${KAFKA_BROKERS_URL}
 app.env.soapStsUrl=${SECURITYTOKENSERVICE_URL}

src/test/java/no/nav/veilarbarena/config/ApplicationTestConfig.java

@@ -1,7 +1,5 @@
 package no.nav.veilarbarena.config;
 
-import no.nav.common.abac.AbacClient;
-import no.nav.common.abac.Pep;
 import no.nav.common.auth.context.AuthContextHolder;
 import no.nav.common.auth.context.AuthContextHolderThreadLocal;
 import no.nav.common.client.aktoroppslag.AktorOppslagClient;
@@ -17,9 +15,7 @@
 import no.nav.veilarbarena.client.ords.dto.ArenaOppfolgingsstatusDTO;
 import no.nav.veilarbarena.client.ytelseskontrakt.YtelseskontraktClient;
 import no.nav.veilarbarena.client.ytelseskontrakt.YtelseskontraktResponse;
-import no.nav.veilarbarena.mock.AbacClientMock;
 import no.nav.veilarbarena.mock.MetricsClientMock;
-import no.nav.veilarbarena.mock.PepMock;
 import no.nav.veilarbarena.utils.LocalH2Database;
 import org.apache.kafka.common.serialization.ByteArraySerializer;
 import org.mockito.Mockito;
@@ -67,21 +63,11 @@ public AktorOppslagClient aktorOppslagClient() {
         return Mockito.mock(AktorOppslagClient.class);
     }
 
-    @Bean
-    public AbacClient abacClient() {
-        return new AbacClientMock();
-    }
-
     @Bean
     public LeaderElectionClient leaderElectionClient() {
         return () -> true;
     }
 
-    @Bean
-    public Pep veilarbPep(AbacClient abacClient) {
-        return new PepMock(abacClient);
-    }
-
     @Bean
     public MetricsClient metricsClient() {
         return new MetricsClientMock();